fix(review): harden miniapp auth and finance flows

2026-03-09 00:30:31 +04:00
parent 91a040f2ee
commit c8b17136be
22 changed files with 327 additions and 157 deletions

@@ -39,7 +39,7 @@ Build the first usable SolidJS mini app shell with a real Telegram initData veri
- Telegram initData is verified with the bot token before membership lookup.
- Mini app access depends on an actual household membership match.
- CORS can be limited via `MINI_APP_ALLOWED_ORIGINS`; if unset, the endpoint falls back to permissive origin reflection for deployment simplicity.
- CORS can be limited via `MINI_APP_ALLOWED_ORIGINS`; local development may use permissive origin reflection, but production must use an explicit allow-list.
## UX Notes
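Review bot: The rewritten `MINI_APP_ALLOWED_ORIGINS` bullet no longer says what the endpoint does when the variable is unset, which the removed line did state (fallback to permissive origin reflection). "Production must use an explicit allow-list" reads as an operator obligation rather than enforced behaviour. Please document whether an unset value in production fails closed (for example a startup error or no cross-origin access) and how the service distinguishes local development from production, so a missing env var cannot silently leave origin reflection enabled.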